Securing Replicated Configurations

Deployments connecting to Directory Servers
using replication follow the same rules identified in Security Overview. This section gives an example replicated configuration and
explains how to enable use of SSL in this configuration.

Figure 8–2, Replicated Configuration, shows Identity Synchronization for Windows
installed in an MMR configuration, where there are two replicated Directory Server
masters with multiple Directory Server read-only hubs or consumers. Each Directory
Server has a Plug-in, and there is only one Directory Server Connector, one
Active Directory system, and one Active Directory Connector.

Figure 8–2 Replicated Configuration

When the Directory Server source is configured for SSL, you must make
sure that both the preferred and secondary Directory Server certificates are
trusted by the replica Directory Server. This is true for every Directory
Server Plug-in of type "other" that you install on a system
with a Directory Server hub or read-only replica.

Note –

Each Directory Server Plug-in has access to the same CA certificates
as its associated Directory Server.

The above diagram is specific to two Directory Server masters, but you can
extend this to contain multiple masters.
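
One way to check the trust requirement above before enabling SSL, as an added example that is not part of the original documentation. It assumes the OpenSSL command-line tool is installed and that the replica's trusted CA certificates and each master's server certificate have been exported to PEM files; the function names, file names and host names are hypothetical, and the certificates it generates are constructed sample data.

```shell
# check_trusted CA_BUNDLE CERT...
# Verifies every CERT with "openssl verify -CAfile CA_BUNDLE" (chain and
# validity dates). Returns the number of certificates that did NOT verify,
# so 0 means the replica's CA bundle trusts all of them.
# On OpenSSL 1.1.0+ add -no-CApath to exclude the host's default CA directory.
check_trusted() {
    ca_bundle=$1; shift
    untrusted=0
    for cert in "$@"; do
        if openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1
        then echo "TRUSTED    $cert"
        else echo "UNTRUSTED  $cert"; untrusted=$((untrusted + 1))
        fi
    done
    return "$untrusted"
}

# make_demo_pki: builds CONSTRUCTED sample data in a temp dir, prints its path:
#   ca.pem         CA certificate the replica trusts
#   preferred.pem  preferred master certificate, issued by that CA
#   secondary.pem  secondary master certificate, issued by that CA
#   unknown.pem    self-signed certificate the replica does not trust
make_demo_pki() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.pem
        for name in preferred secondary; do
            openssl req -newkey rsa:2048 -nodes -keyout "$name.key" \
                -subj "/CN=$name-master.example.com" -out "$name.csr"
            openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
                -CAcreateserial -days 2 -out "$name.pem"
        done
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=unknown-master.example.com" \
            -keyout unknown.key -out unknown.pem
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

# Stand-alone demo on the constructed data: run this file with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(make_demo_pki) && check_trusted "$dir/ca.pem" \
        "$dir/preferred.pem" "$dir/secondary.pem" "$dir/unknown.pem"
fi
```

Run the check on every hub and read-only replica that hosts a Plug-in, passing that system's exported CA bundle and the certificates of both masters; a non-zero return means at least one master certificate would be rejected when SSL is used.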